#dev 2024-08-05

2024-08-05 UTC
wobbol joined the channel
# 00:28 
catgirlin.space lol, for the profile scope i do give the profile info thingys :3
# 01:43 
[schmarty] Right, via code redeemed at the authorization endpoint rather than the token endpoint.
# 01:47 
catgirlin.space wait so should i accept auth codes at the authorization endpoint even if they do have a scope set? confused >.<
# 01:51 
[schmarty] I defer to spec writers like aaronpk but my read on that spec link above is that codes requested with scope=profile can be redeemed at the authorization endpoint to get a "me" and a "profile". No token is issued so the token endpoint isn't responsible. 🤷‍♂️
# 01:55 
aaronpk ultimately i really want to change this because that behavior isn't technically compatible with OAuth, although if you squint hard enough you could maybe justify it as an extension
# 01:55 
catgirlin.space so confusing,,,
# 01:56 
aaronpk the idea is to make it less confusing
# 01:56 
catgirlin.space hm i read this as the authorization endpoint can only give `me`
# 01:56 
catgirlin.space > If the client only needs to know the user who logged in, the client will exchange the authorization code at the authorization endpoint, and only the canonical user profile URL and possibly profile information is returned.
# 01:56 
catgirlin.space wait
# 01:57 
catgirlin.space im dumb
# 01:57 
catgirlin.space "and possibly profile information"
# 01:57 
catgirlin.space aaa
# 01:59 
catgirlin.space hm i should probably make it work with the authz endpoint then
alephalpha0, kiasoc5 and [morganm] joined the channel
# 05:24 
[tantek] what are web components
# 05:24 
Loqi It looks like we don't have a page for "web components" yet. Would you like to create it? (Or just say "web components is ____", a sentence describing the term)
# 05:24 
[tantek] what is a web component
# 05:24 
Loqi web component is a reusable HTML element defined using the Web Components API, and created & used by IndieWeb community members on their own sites https://indieweb.org/web_component
# 05:24 
[tantek] web components are /web_component
# 05:24 
Loqi ok
GuestZero and ttybitnik joined the channel
# 12:22 
[KevinMarks] https://piccalil.li/links/css-one-liners-to-improve-almost-every-project/
# 12:23 
[KevinMarks] Not sure I agree with all of these
eb, roxwize, ancarda, capjamesg, vikanezrimaya, nnrx, srushe, okCiel, suki, [Scout], AramZS and GuestZero joined the channel
# 14:36 
[morganm] tantek++
# 14:36 
Loqi tantek has 29 karma in this channel over the last year (120 in all channels)
# 14:36 
[morganm] Im looking forward to starting a dedicated course of study and focus into web components sometime soon
# 14:37 
[morganm] I ambiently know a bunch about them but just I want to carve out some time to really try and study
# 14:37 
[morganm] hoping scott J’s course will help
GuestZero, [benatwork], [Jo], ttybitnik and [Joe_Crawford] joined the channel
# 17:33 
[Joe_Crawford] Building a web component might be a good segment of a Front End Study Hall. Adding it as a potential study item. https://indieweb.org/Front_End_Study_Hall
# 17:36 
capjamesg[d] I love that idea [Joe_Crawford]!
# 17:37 
capjamesg[d] I never really _understood_ how a web component works when I built one.
# 17:37 
capjamesg[d] I followed templates but am undoubtably missing important theory.
# 17:46 
[Joe_Crawford] Yeah, I think there’s a nice foundational session in that. Maybe something silly like making a `<blink>` tag. Or a `<nobr>` because I’m a sucker for old dead dumb tags. But also something more substantive like a datetime tag that’ll allow you to interact and see times in alternate time zones. Anyway, expect that to be at the next FrESH.
# 17:47 
capjamesg[d] Oooh!
# 17:47 
capjamesg[d] That timezone one would be amazing.
[snarfed] joined the channel
# 18:29 
to2ds [Joe_Crawford]: A <blink> webcomponent? That's sounds awesome!
gRegor joined the channel
# 18:45 
[morganm] I want to re-create the <details> and <summary> elements if I can work up to that, as a web component
jonnybarnes, GuestZero and [jgarber] joined the channel
# 20:40 
[jgarber] When sending a bearer token in an HTTP Authorization header, is the “Bearer” string allowed to be lowercase?
# 20:40 
[jgarber] `authorization: bearer token_value_here`
# 20:40 
[jgarber] HTTP header names may be lowercases and it stands to reason that “bearer” should be able to be sent lowercases, but consuming code I’m finding expects it to be precisely “Bearer”…
# 20:44 
catgirlin.space i’ve never seen a lowercase bearer
# 21:33 
gRegor https://datatracker.ietf.org/doc/html/rfc6750#section-2.1 lists "Bearer" in quotes like that, so I think it's supposed to be exactly that, with capitalization
# 21:34 
gRegor I think "Authorization" is actually the header name, though, which could be lowercase. "Bearer" is part of the value
# 21:35 
[tantek] HTTP headers case-insensitive https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
# 21:35 
[snarfed] this is value, not header name
# 21:35 
gRegor Right, so "Authorization" could be lowercase
# 21:36 
gRegor `Authorization: Bearer b64token` or `authorization: Bearer b64token`
# 21:57 
[jgarber] Thanks, y’all! That answers it. 🙌
beanbrain joined the channel
# 22:04 
beanbrain hey, does anyone have any experience with dreamhost?
# 22:05 
beanbrain i would like to set up a webserver with vultr, and point the domain to vultr's dns, but i'm worried about losing my email with dreamhost
# 22:06 
beanbrain i'm trying to learn how i can have vultr point back to dreamhost for mail, or something else entirely
ttybitni` and ttybitnik joined the channel
# 22:28 
gRegor beanbrain, I think wherever your domain is registered, you can set a DNS A record to point where you want the hosting, and a DNS MX record for handling mail.
# 22:29 
beanbrain dreamhost does not let me configure the records individually
# 22:29 
gRegor If you're already using Dreamhost's DNS, you probably don't need to do anything for the mail, just the DNS A record to point hosting elsewhere
# 22:29 
gRegor I'm pretty sure they do?
# 22:30 
beanbrain they let me add records, but not change what's already there
# 22:30 
beanbrain ...unless adding a record would take higher priority than what's prexisting?
# 22:32 
gRegor Not sure. You might get around it by setting DNS at the registrar level instead of using Dreamhost's NS. I'd definitely ask support what they recommend, though, the extent of my experience is just adding a couple custom DNS records
# 22:34 
beanbrain hmm.. thanks, i'll ask support
# 22:37 
gRegor They have https://www.dreamhost.com/products/email/ so should definitely support it. I've only ever used hosting+email
kiasoc5 joined the channel
# 23:23 
beanbrain well, that was quite effortless actually
# 23:23 
gRegor nice!
Kaguneh joined the channel
# 23:37 
aaronpk oh fun fact "Authorization: bEaReR xxxx" is valid
# 23:37 
aaronpk this came up in an OAuth 2.1 issue and we added examples of funny capitalizations to the spec to make it explicit https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-5.1.1
# 23:38 
aaronpk this is where it's actually specified https://www.rfc-editor.org/rfc/rfc5234.html#section-2.3
# 23:41 
[jgarber] Oh interesting okay so we’ve got conflicting RFCs? 😂
# 23:41 
aaronpk no there's no conflict
# 23:46 
aaronpk just bad examples
# 23:50 
[jgarber] Ah, also differing OAuth versions. I see. RFC-6750 is 2.0 and the one you just linked is 2.1.
# 23:51 
[jgarber] So basically an accommodating server should expect to receive just about any capitalization in that value.
# 23:58 
aaronpk yes
# 23:58 
aaronpk and to be clear, 6750 also allows any capitalization, it's just that the only example is "Bearer"